Classifications

• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
  • G06V10/00—Arrangements for image or video recognition or understanding
  • G06V10/10—Image acquisition
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/38—Payment protocols; Details thereof
  • G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
  • G06Q20/401—Transaction verification
  • G06Q20/4014—Identity check for transactions
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/04—Payment circuits
• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
  • G07C9/00—Individual registration on entry or exit
  • G07C9/30—Individual registration on entry or exit not involving the use of a pass
  • G07C9/32—Individual registration on entry or exit not involving the use of a pass in combination with an identity check
  • G07C9/37—Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
  • H04L9/3231—Biological data, e.g. fingerprint, voice or retina
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
  • H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash

Definitions

• This disclosure relates generally to the field of secure communications, and in particular to the issuance and management of certificates for authenticating messages.
• Such electronic transactions may also involve users of remote repositories of data, for example, to access classified records, medical records, billing records, and unclassified but
• a digital certificate such as those defined by the X.509 and ANSI X.9 standards, allows users or buyers and sellers to authenticate electronic documents and electronic transactions in a manner analogous to the authentication of documents by a Notary Public in person-to-person transactions.
• Such authenticating certificates in the prior art may be generated by concatenating a message and a public key with a set 10 of data as shown in FIG. 1, which may be in a sequence and which may include a subject unique ID 12 corresponding to the subject; that is, the individual or entity such as a corporation, having the public key. As shown in FIG. 1,
• other fields in the set 10 of data may include a version number, a serial number for the certificate with respect to a sequence of generated certificates, the name of the issuer, a validity period to determine an expiration of validity of the certificate, a subject name identifying the user or individual sending the transaction, a issuer unique ID number, and other data extensions indicating privileges and attributes of the certificate, such as access privileges.
• the authenticating certificate being the concatenation of the set 10 of data with the public key and the transaction data, is then processed, for example, using a hash function such as a one-way hashing function, to generate a hashed value.
• the hashed value is then signed; that is, encrypted, using the private key of the user to generate a digital signature 14.
• the digital signature 14 is then appended to the authenticating certificate and the message, such as an electronic transaction, for transmission over, for example, a network.
• the X.509 and ANSI X.9 standards described above incorporate a hash function to generate unique digital signatures 14 from a respective set 10 of data.
• Such one-way hashing functions enable the transaction data to be computationally infeasible to derive solely from the hash value .
• Identification indica of individuals may be subdivided into three broad categories : indica based on the physical characteristics of the individual, that is, what the individual is; indicia based on one's knowledge, such as passwords known to the individual; and indicia based on assigned information, that is, what another individual has associated with the identified individual, or what the identified individual chooses with which to be associated.
• the first category having physical indicia relates to the biometric data of an individual, and includes characteristic features such as genetic composition, fingerprints, hand geometry, iris and retinal appearance, etc., which are unique to each individual, with known exceptions such as the identical genetic compositions of twins.
• the second and third categories having known and/or assigned indicia includes information which the individual knows and/or is charged with memorizing and divulging for authentication, such as social security number, mother's maiden name, access codes such as long distance calling card numbers, and personal passwords.
• the second category also includes information and/or objects which the individual owns and/or is charged with carrying and divulging for authentication, such as driver's licenses and passports.
• Private keys are assigned indicia. Accordingly, the lack of physical identification of a human transactor with a private key is a flaw in authentication techniques in the prior art using such private keys. Other authentication and security techniques in the prior art are similarly flawed, since many authentication and security techniques rely on identification indicia of the second category.
• biometric identification and classification in the authentication of electronic transactions provides for increased security and accuracy.
• a biometric certification system and method are disclosed herein which implements an end-to-end security mechanism binding the biometric identification of consumers with digital certificates.
• the biometric certification system authenticates electronic transactions involving a user, and includes a biometric input device which responds to a set of physical characteristics of the user, and generates corresponding first biometric data related to the physical condition of the user.
• Biometric data is pre-stored as biometric certificates in a biometric database of the biometric certificate management system by receiving data corresponding to physical characteristics of registered users through a biometric input device. Subsequent transactions to be conducted over a network have transaction biometric data generated from the physical characteristics of a current user, which is then appended to the transaction first data, and which then authenticates the user by comparison against the pre-stored biometric data of the physical characteristics of users in the biometric database.
• FIG. 1 illustrates an authenticating certificate in the prior art
• FIG. 2 illustrates a biometric certificate of the disclosed biometric certification system and method
• FIG. 3 illustrates a biometric certificate registration apparatus
• FIG. 4 illustrates an electronic transaction transmission section
• FIG. 5 illustrates an electronic transaction reception and processing section.
• FIG. 2 the present disclosure describes a biometric certification system and method for generating biometric certificates from a set 16 of data, including a subject unique ID 18 and biometric data 20.
• a digital signature 22 generated using data set 16 is then appended to the data set 16 to form the biometric certificate, as shown in FIG. 2.
• the disclosed biometric certification system is shown in FIGS. 3-5, having biometric registration section 24 shown in FIG. 3, a transmitting section 40 shown in FIG. 4, and a receiving section 42 shown in FIG. 5.
• the biometric registration section 24 processes user biometrics and associated inputs to generate biometric certificates which are unique to the user, and which are stored in a memory such as a biometric database and/or a smart card memory. Once such biometric certificates are stored, a first user may conduct biometrically-secured electronic transactions sent from the transaction transmission section 40 of FIG. 4 to the transaction reception section 42 of FIG. 5, at which the electronic transaction is authenticated and processed.
• the registration section 24 has a set of input devices, including a registration biometric input device 26 and a user data input device 28.
• the biometric input device 26 generates registration biometric data from the physical characteristics of the user, such as fingerprints, hand geometry, iris and retinal appearance, and speech patterns .
• the registration biometric input device 26 may include visual cameras and/or other visual readers to input fingerprints, hand geometry, iris appearance, and retinal appearance.
• companies such as IDENTIX, FUJITSU, and AUTHENTEC provide such equipment for reading fingerprints, while RECOGNITION SYSTEMS provides equipment to read hand geometry.
• EYE-DENTIFY is an example of a company which provides retinal imaging devices
• IRISCAN and SENSAR are examples of companies which provide iris imaging devices .
• the registration biometric input device 26 may be adapted to receive audio characteristics of a user.
• a microphone in conjunction with a speech digitizer may be used to receive and digitize speech.
• a speech digitizer may be used to receive and digitize speech.
• Such companies as BBN, T-NETIX, and ALPHA-TEL provide such equipment for receiving and digitizing speech to generate corresponding biometric data.
• Biometric input devices known in the art may be used to receive other physical characteristics such as facial and body appearance via, for example, a camera, as well as the genetic composition of the user by means of genetic material gathering procedures, such as blood lancets.
• the biometric certificate as shown in FIG. 2 may be generated by processing the registration biometric data from the registration biometric input device 26, processing the user input data such as a user ID from the user data input device 28, and processing the public key 30 of the user at a biometric certificate generator 32 of a registration authority 34.
• Such input data are processed with the private key 36 of a certifying authority to generate a digital biometric certificate 38 which is sent to the memory for storage and subsequent use to authenticate the first user and associated electronic transactions of the first user.
• the registration biometric data 20 to be incorporated into the biometric certificate of FIG. 2 is obtained directly from the physical characteristics of the subject through the biometric input device 26.
• the biometric data 20 has N bits in which N may be very large, such as about 500 bytes.
• the amount of the biometric data 20 is unlimited; for example, a fingerprint may be visually scanned to any resolution to obtain key fingerprint aspects which uniquely distinguish fingerprints, or alternatively to obtain data representing pixels of the entire fingerprint. Accordingly, the biometric data 20 may require large amounts of memory for storage such as 2 kB or even 4 MB. Accordingly, in the preferred embodiment, N is much greater than M.
• the biometric database 66 is built using, for example, a registration process in which individuals are required to provide proof of identity; that is, identification information such as a birth certificate, a driver's license, current bank account data, credit card account data, etc. to be provided to a registration authority. Once the registration authority is satisfied with such proof, the identification information is entered into the registration system 24 and biometric measurements are then taken concurrently using at least one biometric input device 26, as shown in FIG. 3.
• Such stored biometric measurements form the pre-stored biometric data in the biometric database 66 which corresponds to the pre-registered individuals who have undergone the registration process described above. Accordingly, pre- registered individuals may be properly authenticated, while unregistered individuals are rejected, within the cross-over error rate.
• the biometric certificates 38 are then sent to be stored in a memory, such as a biometric database or a memory of a smart card, as shown as the memory 66 in FIG. 5.
• the registration system 24 of FIG. 3 may be located at a central registration station associated with a network, such that the corresponding biometric certificates of a user may be directly and securely stored in the memory 66, such as a central biometric database of a network or an individual memory of a smart card of the user.
• the central biometric database as the memory 66 may serve a network of users conducting transactions, such as electronic commerce (E- commerce) , over the Internet and other networks.
• E- commerce electronic commerce
• a smart card of the first user having the memory 66 may pre-store the biometric certificates, such that kiosks and other devices such as terminals and automatic teller machines (ATMs) may access the memory 66 and obtain the secured biometric certificate of the first user.
• ATMs automatic teller machines
• the first user uses the transaction system 40 in FIG. 4.
• the first user uses a transaction biometric input device 44 to generate transaction biometric data 46 as contemporaneous biometrics associate with the first user.
• the first user also generates transaction first data 50 through a transaction data input device 48.
• the transaction first data 50 may include selections of products to be purchased over the Internet, or may include electronic funds transfers through an ATM.
• the transaction first data 50 also includes user ID data identifying the first user and associating the first user with the remainder of the transaction first data.
• Both of the transaction biometric data 46 and the transaction first data 50 are sent over the network 60 unchanged and in the clear, or optionally encrypted by additional encryption techniques known in the art, to be received by the transaction reception section 42, as shown in FIG. 5.
• both of the transaction biometric data 46 and the transaction first data 50 are processed, for example, using a first hash function 52, such as a one-way hashing function, to generate a first hashed value.
• a first hash function 52 such as a one-way hashing function
• RSA and SHA-1 are examples of public key cryptographic methods and one-way hashing which may be used for such encryption and hashing functions.
• the RSA method is described, for example, in U.S. Patent No. 4,405,829 to Rivest et al . , which is incorporated herein by reference.
• the first hashed value is then sent to a digital signature function 54, in which the hashed value is signed; that is, encrypted, using the private key 56 of the first user to generate a digital signature 58, incorporating the first hash value.
• the digital signature 58 is then sent to the network 60.
• the set of data transmissions constituting the transaction biometric data 46, the transaction first data 50, and the digital signature 58 may be sent as separate bitstreams and/or data packets, or otherwise may be sent together by appending the associated data sequences using a concatenator, such as an adder for bitwise adding of the data sequences.
• software may be used to append such data.
• the data 46, 50, and 58 may be sent to the network 60, which may include telephone networks, satellite communications, and/or the Internet.
• the receiving section 42 sends the user ID data 62 from the transaction first data 50 to be sent to a biometric certificate extractor 54.
• the biometric certificate extractor 54 uses the user ID data 62 to access a corresponding biometric certificate stored in the memory 66, such as the biometric database or smart card memory. That is, if the first user had previously stored corresponding biometric certificates generated from biometric characteristics of the first user using the registration system 24 shown in FIG. 3, the biometric certificate of the first user may be indexed according to the user ID data, such as the social security number, of the first user.
• the memory 66 may receive the user ID data 62, or otherwise may receive a command from the biometric certificate extractor 64 to retrieve any biometric certificate corresponding to the user ID data 62 of the first user. If none are available, the receiving section 42 may generate a rejection signal, for example, at the biometric certificate extractor 64, to indicate that no biometric certificate is available . Accordingly, any user requesting authentication of an electronic transaction but failing to be registered; that is, to have a corresponding pre-stored biometric certificate stored in the memory 66, is not authenticated. The receiving section 42 may generate a corresponding message of non-authentication, and may also send such a message through the network 60 to the transmitting section 40 to indicate no authenticity in the transaction.
• the biometric certificate 68 is retrieved and sent to the biometric certificate extractor 64 to decrypt the biometric certificate 68 using the public key 70 of the certifying authority.
• the biometric certificate extractor 64 obtain the decrypted registration biometric data 72 and the decrypted user public key 74 associated with the first user.
• the decrypted user public key 74 is then sent to a decryptor to decrypt the digital signature 58 sent over the network 60 from the transmitting section 24.
• the decryptor 76 then extracts the first hash value which was incorporated into the digital signature 58 by the first hash function 52.
• the receiving section 24 authenticates the first hash value by attempting to recreate the first hash value using a second hash function 78 which is identical to the first hash function 52 of the transmitting section 24.
• the second hash function 78 receives the transaction biometric data 46 and the transaction first data 50 from the network 60, which were sent from the transmitting section 24 in the clear, or optionally encrypted by additional encryption techniques known in the art.
• the second hash function 78 thus generates a second hash value from the same input data applied to the first hash function 52.
• the first and second hash values are then compared by a first classifier 80, such as a comparator or matching routines in software, for determining a match between the first and second hash values.
• a first validation signal 82 is generated to indicate whether or not both independently generated hash values match.
• the receiving section 42 determines that both of the transaction biometric data 46 and the transaction first data 50, in combination, are authentic and have not been modified during transmission over the network 60 .
• the receiving section 42 determines whether the electronic transaction is indeed from the indicated user corresponding to the transaction biometric data 46; that is, transaction biometric data 46 may not be authentic, or alternatively, the decrypted user public key 74 may be a public key 74 commonly shared by a specific group of people such as employees of a specific company.
• the receiving section 42 compares the biometric data of the first user generated during the transaction, as the transaction biometric data 46, with the registration biometric data generated at an earlier date from the first user during a registration process using the registration system 24.
• the registration biometric data which is decrypted by the biometric certificate extractor 64 to be the decrypted registration biometric data 72, is applied to a second classifier 84 to be compared to the transaction biometric data 46 which is sent over the network 60 in the clear, or optionally encrypted by additional encryption techniques known in the art.
• the second classifier 84 may be a comparator, or alternatively a software routine or other hardware/software devices implementing data matching techniques, for comparing the biometric data to obtain a decision value.
• the second classifier 84 may be a trained neural network and/or a fuzzy logic classifier for classifying whether or not, within an error tolerance, the sets of biometric data 46, 72 were obtained from the same individual using biometric input devices.
• Such classification methods for authentication of images and data sequences using neural networks are described, for example, in U.S. Patent No. 5,619,620 to Eccles, which is incorporated herein by reference.
• the second classifier 84 then generates a decision in the form of a second validation signal 86, which may be logic values corresponding to YES or NO, or TRUE or FALSE, indicating verification of the authenticity of the user sending the electronic transaction.
• the authentication decision may be a numerical value, for example, corresponding to a percentage of confidence of authenticity.
• the second classifier 86 may include a predetermined threshold of, for example, 98% authenticity, to be exceeded in order to proceed with the processing of the electronic transaction.
• the receiving section 42 shown in FIG. 5 may respond to the validation signals 82, 86 to process the transaction first data 50, such as an on-line purchase or an electronic funds transfer. Accordingly, transaction processing systems (not shown) may also be included in the receiving section 42. Alternatively, the receiving section 42 of FIG. 5 may be coupled to external transaction processing systems. In another alternative embodiment, the receiving section may include an AND circuit 88 shown in FIG. 5, such as a logic AND gate or other logic mechanisms, for generating a final validation signal 90 from the validation signals 82, 86.
• a final validation signal 90 reflecting the security of the overall transaction is generated.
• the first classifier 80 is a perfect classifier; that is, only an exact match of the hash values generates an authentication
• the second classifier 84 may generate percentages reflecting relative authenticity and/or scaled numerical values on an authenticity scale to reflect the error tolerance of the second classifier 84 and/or the cross-over error rates associated with biometrics. Accordingly, the application of fuzzy logic may be used to generate a crisp determination of the authenticity of the transaction biometric data 46 as the second validation signal 86.
• biometric certification system and method may include electronic transactions using a network as described in commonly assigned U.S. Patent Application No. 08/770,824, filed December 20, 1996 and entitled "VIRTUAL CERTIFICATE AUTHORITY, which is incorporated herein by reference.
• Such a system can be adapted to include the use of biometric certificates as described herein for cryptographically binding the biometric data of a user with identification information to form such biometric certificates.
• public key technology allows the transaction/signature authentication process to be done either centrally or remotely, depending upon the needs of the transaction.

Landscapes

• Engineering & Computer Science (AREA)
• Computer Security & Cryptography (AREA)
• Business, Economics & Management (AREA)
• Physics & Mathematics (AREA)
• General Physics & Mathematics (AREA)
• Accounting & Taxation (AREA)
• Signal Processing (AREA)
• Computer Networks & Wireless Communication (AREA)
• Theoretical Computer Science (AREA)
• Strategic Management (AREA)
• General Business, Economics & Management (AREA)
• Life Sciences & Earth Sciences (AREA)
• Biodiversity & Conservation Biology (AREA)
• General Health & Medical Sciences (AREA)
• Finance (AREA)
• Health & Medical Sciences (AREA)
• Biomedical Technology (AREA)
• Human Computer Interaction (AREA)
• Multimedia (AREA)
• Collating Specific Patterns (AREA)
• Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
• Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)
• Storage Device Security (AREA)

Priority Applications (6)

Applications Claiming Priority (2)

Publications (2)

Family

ID=21941088

Family Applications (1)

Country Status (9)

Cited By (79)

Families Citing this family (196)

Citations (1)

Family Cites Families (30)

• 1998
  • 1998-05-08 KR KR10-1999-7009815A patent/KR100486062B1/ko not_active Expired - Fee Related
  • 1998-05-08 US US09/075,165 patent/US6310966B1/en not_active Expired - Lifetime
  • 1998-05-08 BR BR9808737-1A patent/BR9808737A/pt not_active Application Discontinuation
  • 1998-05-08 AU AU74848/98A patent/AU7484898A/en not_active Abandoned
  • 1998-05-08 CN CNB988049392A patent/CN1139894C/zh not_active Expired - Fee Related
  • 1998-05-08 EP EP98922259A patent/EP0980559A4/en not_active Ceased
  • 1998-05-08 WO PCT/US1998/009770 patent/WO1998050875A2/en not_active Ceased
  • 1998-05-08 JP JP54858698A patent/JP4531140B2/ja not_active Expired - Fee Related
  • 1998-05-08 CA CA002287857A patent/CA2287857C/en not_active Expired - Fee Related

Patent Citations (1)

Also Published As

Similar Documents

Legal Events